- Reviews the most recent SIEM and SOAR alerts to assess their relevance and urgency.
- Carries out triage to confirm that a genuine security incident is occurring.
- Oversees and configures security monitoring tools.
- Creates security and vulnerability assessments for networks and systems.
- Tests incident response plans periodically to ensure response times and executed procedures are acceptable.
- Deals with critical incidents.
- Evaluates incidents identified by tier 1 analysts.
- Uses threat intelligence such as updated rules and indicators of compromise (IOCs) to pinpoint affected systems and the extent of the attack.
- Analyzes running processes and configs on affected systems.
- Carries out in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted. Creates and implements a strategy for containment and recovery.
- Carries out vulnerability assessments and penetration tests to assess the resilience of the organization and to isolate areas of weakness that need attention.
- Reviews alerts, threat intelligence, and security data.
- Identifies threats that have entered the network, as well as security gaps and vulnerabilities that are currently unknown.
- Hands-on experience with endpoint security (Kasper-EMS, Sophos XDR).
- Hands-on experience with Sophos and FortiGate firewalls and Cisco ISE.
- Bachelor's degree in engineering or computer science is a MUST.
- 3+ years of working experience.
- Security+ SY0-601, eCIR, CISSP, SANS, CEH, or similar.
- New Cairo resident is preferred.